Website Security News
A zero-day vulnerability has just appeared in the WordPress plugin world, affecting over 70,000 sites using the Social Warfare plugin. The plugin is vulnerable to a Stored XSS (Cross-Site Scripting) vulnerability and has been removed from the plugin repository. Attacks can be conducted by any…
To bring awareness to what threatens the integrity of websites, we are continuing a series of posts on the OWASP top 10 security risks. The OWASP Top 10 list consists of…
Have you ever wondered if your website security posture is adequate enough? The risk of having a website compromise is never going to be zero. However, as a webmaster, you…
Read More about How to Improve Your Website Security Posture – Part I
As a website owner, it’s a good idea to be aware of the security issues that might affect your site. For example, Cross-site Scripting (XSS) attacks consist of injecting malicious…
Update 11/03/2017: Read all about vulnerabilities and best practices to secure your website in our newly WordPress Security Guide today! During regular research audits for our Sucuri Firewall (WAF), we…
Read More about Stored Cross-Site Scripting Vulnerability in WordPress 4.8.1
As you might remember, we recently blogged about a critical Content Injection Vulnerability in WordPress which allowed attackers to deface vulnerable websites. While our original disclosure only described one vulnerability, we actually reported…
During regular research audits for our Sucuri Firewall (Cloud WAF), we discovered a stored XSS vulnerability affecting the WordPress Jetpack plugin, currently installed on more than a million WordPress sites….
During regular research audits of our Sucuri Firewall, we discovered a Stored XSS vulnerability affecting the bbPress plugin for WordPress which is currently installed on 300,000 live websites – one…
Question: What is an XSS vulnerability? Should I be concerned about an XSS vulnerability? XSS (short for Cross-Site Scripting) is a widespread vulnerability that affects many web applications. The danger…
During our regular research audits for our Cloud-based WAF, we discovered a Stored XSS vulnerability affecting the Magento platform that can be easily exploited remotely. We notified the Magento team…
During a routine audit for our WAF, we discovered a critical stored XSS vulnerability affecting Akismet, a popular WordPress plugin deployed by millions of installs.
Read More about Security Advisory: Stored XSS in Akismet WordPress Plugin
